---

CVE-2021-28166 - log back

CVE-2021-28166 edited at 09 Apr 2021 19:56:09
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Denial of service
Description	+ In Eclipse Mosquitto version 2.0.0 to 2.0.9, if an authenticated client that had connected with MQTT v5 sent a crafted CONNACK message to the broker, a NULL pointer dereference would occur.
References	+ https://bugs.eclipse.org/bugs/show_bug.cgi?id=572608 + https://github.com/eclipse/mosquitto/issues/2163 + https://github.com/eclipse/mosquitto/commit/6a4a547892184ac7543cfda3ee2294e26be22484
Notes

CVE-2021-28166 created at 09 Apr 2021 19:53:50